@clerk/backend
Version:
Clerk Backend SDK - REST Client for Backend API & JWT verification utilities
1,658 lines (1,624 loc) • 191 kB
JavaScript
import {
deprecated,
errorThrower,
getCookieSuffix,
getSuffixedCookieName,
isDevelopmentFromSecretKey,
parsePublishableKey,
retry
} from "./chunk-YBVFDYDR.mjs";
import {
assertHeaderAlgorithm,
assertHeaderType,
decodeJwt,
hasValidSignature,
runtime,
verifyJwt
} from "./chunk-7X3P2E3X.mjs";
import {
MachineTokenVerificationError,
MachineTokenVerificationErrorCode,
TokenVerificationError,
TokenVerificationErrorAction,
TokenVerificationErrorCode,
TokenVerificationErrorReason
} from "./chunk-TCIXZLLW.mjs";
import {
__commonJS,
__privateAdd,
__privateMethod,
__toESM
} from "./chunk-3SCGTTJP.mjs";
// ../../node_modules/.pnpm/cookie@1.0.2/node_modules/cookie/dist/index.js
var require_dist = __commonJS({
"../../node_modules/.pnpm/cookie@1.0.2/node_modules/cookie/dist/index.js"(exports) {
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.parse = parse2;
exports.serialize = serialize;
var cookieNameRegExp = /^[\u0021-\u003A\u003C\u003E-\u007E]+$/;
var cookieValueRegExp = /^[\u0021-\u003A\u003C-\u007E]*$/;
var domainValueRegExp = /^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;
var pathValueRegExp = /^[\u0020-\u003A\u003D-\u007E]*$/;
var __toString = Object.prototype.toString;
var NullObject = /* @__PURE__ */ (() => {
const C = function() {
};
C.prototype = /* @__PURE__ */ Object.create(null);
return C;
})();
function parse2(str, options) {
const obj = new NullObject();
const len = str.length;
if (len < 2)
return obj;
const dec = options?.decode || decode;
let index = 0;
do {
const eqIdx = str.indexOf("=", index);
if (eqIdx === -1)
break;
const colonIdx = str.indexOf(";", index);
const endIdx = colonIdx === -1 ? len : colonIdx;
if (eqIdx > endIdx) {
index = str.lastIndexOf(";", eqIdx - 1) + 1;
continue;
}
const keyStartIdx = startIndex(str, index, eqIdx);
const keyEndIdx = endIndex(str, eqIdx, keyStartIdx);
const key = str.slice(keyStartIdx, keyEndIdx);
if (obj[key] === void 0) {
let valStartIdx = startIndex(str, eqIdx + 1, endIdx);
let valEndIdx = endIndex(str, endIdx, valStartIdx);
const value = dec(str.slice(valStartIdx, valEndIdx));
obj[key] = value;
}
index = endIdx + 1;
} while (index < len);
return obj;
}
function startIndex(str, index, max) {
do {
const code = str.charCodeAt(index);
if (code !== 32 && code !== 9)
return index;
} while (++index < max);
return max;
}
function endIndex(str, index, min) {
while (index > min) {
const code = str.charCodeAt(--index);
if (code !== 32 && code !== 9)
return index + 1;
}
return min;
}
function serialize(name, val, options) {
const enc = options?.encode || encodeURIComponent;
if (!cookieNameRegExp.test(name)) {
throw new TypeError(`argument name is invalid: ${name}`);
}
const value = enc(val);
if (!cookieValueRegExp.test(value)) {
throw new TypeError(`argument val is invalid: ${val}`);
}
let str = name + "=" + value;
if (!options)
return str;
if (options.maxAge !== void 0) {
if (!Number.isInteger(options.maxAge)) {
throw new TypeError(`option maxAge is invalid: ${options.maxAge}`);
}
str += "; Max-Age=" + options.maxAge;
}
if (options.domain) {
if (!domainValueRegExp.test(options.domain)) {
throw new TypeError(`option domain is invalid: ${options.domain}`);
}
str += "; Domain=" + options.domain;
}
if (options.path) {
if (!pathValueRegExp.test(options.path)) {
throw new TypeError(`option path is invalid: ${options.path}`);
}
str += "; Path=" + options.path;
}
if (options.expires) {
if (!isDate(options.expires) || !Number.isFinite(options.expires.valueOf())) {
throw new TypeError(`option expires is invalid: ${options.expires}`);
}
str += "; Expires=" + options.expires.toUTCString();
}
if (options.httpOnly) {
str += "; HttpOnly";
}
if (options.secure) {
str += "; Secure";
}
if (options.partitioned) {
str += "; Partitioned";
}
if (options.priority) {
const priority = typeof options.priority === "string" ? options.priority.toLowerCase() : void 0;
switch (priority) {
case "low":
str += "; Priority=Low";
break;
case "medium":
str += "; Priority=Medium";
break;
case "high":
str += "; Priority=High";
break;
default:
throw new TypeError(`option priority is invalid: ${options.priority}`);
}
}
if (options.sameSite) {
const sameSite = typeof options.sameSite === "string" ? options.sameSite.toLowerCase() : options.sameSite;
switch (sameSite) {
case true:
case "strict":
str += "; SameSite=Strict";
break;
case "lax":
str += "; SameSite=Lax";
break;
case "none":
str += "; SameSite=None";
break;
default:
throw new TypeError(`option sameSite is invalid: ${options.sameSite}`);
}
}
return str;
}
function decode(str) {
if (str.indexOf("%") === -1)
return str;
try {
return decodeURIComponent(str);
} catch (e) {
return str;
}
}
function isDate(val) {
return __toString.call(val) === "[object Date]";
}
}
});
// src/constants.ts
var API_URL = "https://api.clerk.com";
var API_VERSION = "v1";
var USER_AGENT = `${"@clerk/backend"}@${"2.29.2"}`;
var MAX_CACHE_LAST_UPDATED_AT_SECONDS = 5 * 60;
var SUPPORTED_BAPI_VERSION = "2025-11-10";
var Attributes = {
AuthToken: "__clerkAuthToken",
AuthSignature: "__clerkAuthSignature",
AuthStatus: "__clerkAuthStatus",
AuthReason: "__clerkAuthReason",
AuthMessage: "__clerkAuthMessage",
ClerkUrl: "__clerkUrl"
};
var Cookies = {
Session: "__session",
Refresh: "__refresh",
ClientUat: "__client_uat",
Handshake: "__clerk_handshake",
DevBrowser: "__clerk_db_jwt",
RedirectCount: "__clerk_redirect_count",
HandshakeNonce: "__clerk_handshake_nonce"
};
var QueryParameters = {
ClerkSynced: "__clerk_synced",
SuffixedCookies: "suffixed_cookies",
ClerkRedirectUrl: "__clerk_redirect_url",
// use the reference to Cookies to indicate that it's the same value
DevBrowser: Cookies.DevBrowser,
Handshake: Cookies.Handshake,
HandshakeHelp: "__clerk_help",
LegacyDevBrowser: "__dev_session",
HandshakeReason: "__clerk_hs_reason",
HandshakeNonce: Cookies.HandshakeNonce,
HandshakeFormat: "format",
Session: "__session"
};
var Headers2 = {
Accept: "accept",
AuthMessage: "x-clerk-auth-message",
Authorization: "authorization",
AuthReason: "x-clerk-auth-reason",
AuthSignature: "x-clerk-auth-signature",
AuthStatus: "x-clerk-auth-status",
AuthToken: "x-clerk-auth-token",
CacheControl: "cache-control",
ClerkRedirectTo: "x-clerk-redirect-to",
ClerkRequestData: "x-clerk-request-data",
ClerkUrl: "x-clerk-clerk-url",
CloudFrontForwardedProto: "cloudfront-forwarded-proto",
ContentType: "content-type",
ContentSecurityPolicy: "content-security-policy",
ContentSecurityPolicyReportOnly: "content-security-policy-report-only",
EnableDebug: "x-clerk-debug",
ForwardedHost: "x-forwarded-host",
ForwardedPort: "x-forwarded-port",
ForwardedProto: "x-forwarded-proto",
Host: "host",
Location: "location",
Nonce: "x-nonce",
Origin: "origin",
Referrer: "referer",
SecFetchDest: "sec-fetch-dest",
SecFetchSite: "sec-fetch-site",
UserAgent: "user-agent",
ReportingEndpoints: "reporting-endpoints"
};
var ContentTypes = {
Json: "application/json"
};
var constants = {
Attributes,
Cookies,
Headers: Headers2,
ContentTypes,
QueryParameters
};
// src/createRedirect.ts
import { buildAccountsBaseUrl } from "@clerk/shared/buildAccountsBaseUrl";
var buildUrl = (_baseUrl, _targetUrl, _returnBackUrl, _devBrowserToken) => {
if (_baseUrl === "") {
return legacyBuildUrl(_targetUrl.toString(), _returnBackUrl?.toString());
}
const baseUrl = new URL(_baseUrl);
const returnBackUrl = _returnBackUrl ? new URL(_returnBackUrl, baseUrl) : void 0;
const res = new URL(_targetUrl, baseUrl);
const isCrossOriginRedirect = `${baseUrl.hostname}:${baseUrl.port}` !== `${res.hostname}:${res.port}`;
if (returnBackUrl) {
if (isCrossOriginRedirect) {
returnBackUrl.searchParams.delete(constants.QueryParameters.ClerkSynced);
}
res.searchParams.set("redirect_url", returnBackUrl.toString());
}
if (isCrossOriginRedirect && _devBrowserToken) {
res.searchParams.set(constants.QueryParameters.DevBrowser, _devBrowserToken);
}
return res.toString();
};
var legacyBuildUrl = (targetUrl, redirectUrl) => {
let url;
if (!targetUrl.startsWith("http")) {
if (!redirectUrl || !redirectUrl.startsWith("http")) {
throw new Error("destination url or return back url should be an absolute path url!");
}
const baseURL = new URL(redirectUrl);
url = new URL(targetUrl, baseURL.origin);
} else {
url = new URL(targetUrl);
}
if (redirectUrl) {
url.searchParams.set("redirect_url", redirectUrl);
}
return url.toString();
};
var createRedirect = (params) => {
const { publishableKey, redirectAdapter, signInUrl, signUpUrl, baseUrl, sessionStatus } = params;
const parsedPublishableKey = parsePublishableKey(publishableKey);
const frontendApi = parsedPublishableKey?.frontendApi;
const isDevelopment = parsedPublishableKey?.instanceType === "development";
const accountsBaseUrl = buildAccountsBaseUrl(frontendApi);
const hasPendingStatus = sessionStatus === "pending";
const redirectToTasks = (url, { returnBackUrl }) => {
return redirectAdapter(
buildUrl(baseUrl, `${url}/tasks`, returnBackUrl, isDevelopment ? params.devBrowserToken : null)
);
};
const redirectToSignUp = ({ returnBackUrl } = {}) => {
if (!signUpUrl && !accountsBaseUrl) {
errorThrower.throwMissingPublishableKeyError();
}
const accountsSignUpUrl = `${accountsBaseUrl}/sign-up`;
function buildSignUpUrl(signIn) {
if (!signIn) {
return;
}
const url = new URL(signIn, baseUrl);
url.pathname = `${url.pathname}/create`;
return url.toString();
}
const targetUrl = signUpUrl || buildSignUpUrl(signInUrl) || accountsSignUpUrl;
if (hasPendingStatus) {
return redirectToTasks(targetUrl, { returnBackUrl });
}
return redirectAdapter(buildUrl(baseUrl, targetUrl, returnBackUrl, isDevelopment ? params.devBrowserToken : null));
};
const redirectToSignIn = ({ returnBackUrl } = {}) => {
if (!signInUrl && !accountsBaseUrl) {
errorThrower.throwMissingPublishableKeyError();
}
const accountsSignInUrl = `${accountsBaseUrl}/sign-in`;
const targetUrl = signInUrl || accountsSignInUrl;
if (hasPendingStatus) {
return redirectToTasks(targetUrl, { returnBackUrl });
}
return redirectAdapter(buildUrl(baseUrl, targetUrl, returnBackUrl, isDevelopment ? params.devBrowserToken : null));
};
return { redirectToSignUp, redirectToSignIn };
};
// src/util/mergePreDefinedOptions.ts
function mergePreDefinedOptions(preDefinedOptions, options) {
return Object.keys(preDefinedOptions).reduce(
(obj, key) => {
return { ...obj, [key]: options[key] || obj[key] };
},
{ ...preDefinedOptions }
);
}
// src/util/optionsAssertions.ts
function assertValidSecretKey(val) {
if (!val || typeof val !== "string") {
throw Error("Missing Clerk Secret Key. Go to https://dashboard.clerk.com and get your key for your instance.");
}
}
function assertValidPublishableKey(val) {
parsePublishableKey(val, { fatal: true });
}
// src/tokens/authenticateContext.ts
import { buildAccountsBaseUrl as buildAccountsBaseUrl2 } from "@clerk/shared/buildAccountsBaseUrl";
import { isCurrentDevAccountPortalOrigin, isLegacyDevAccountPortalOrigin } from "@clerk/shared/url";
// src/tokens/tokenTypes.ts
var TokenType = {
SessionToken: "session_token",
ApiKey: "api_key",
M2MToken: "m2m_token",
OAuthToken: "oauth_token"
};
// src/tokens/authenticateContext.ts
var AuthenticateContext = class {
constructor(cookieSuffix, clerkRequest, options) {
this.cookieSuffix = cookieSuffix;
this.clerkRequest = clerkRequest;
/**
* The original Clerk frontend API URL, extracted from publishable key before proxy URL override.
* Used for backend operations like token validation and issuer checking.
*/
this.originalFrontendApi = "";
if (options.acceptsToken === TokenType.M2MToken || options.acceptsToken === TokenType.ApiKey) {
this.initHeaderValues();
} else {
this.initPublishableKeyValues(options);
this.initHeaderValues();
this.initCookieValues();
this.initHandshakeValues();
}
Object.assign(this, options);
this.clerkUrl = this.clerkRequest.clerkUrl;
}
/**
* Retrieves the session token from either the cookie or the header.
*
* @returns {string | undefined} The session token if available, otherwise undefined.
*/
get sessionToken() {
return this.sessionTokenInCookie || this.tokenInHeader;
}
usesSuffixedCookies() {
const suffixedClientUat = this.getSuffixedCookie(constants.Cookies.ClientUat);
const clientUat = this.getCookie(constants.Cookies.ClientUat);
const suffixedSession = this.getSuffixedCookie(constants.Cookies.Session) || "";
const session = this.getCookie(constants.Cookies.Session) || "";
if (session && !this.tokenHasIssuer(session)) {
return false;
}
if (session && !this.tokenBelongsToInstance(session)) {
return true;
}
if (!suffixedClientUat && !suffixedSession) {
return false;
}
const { data: sessionData } = decodeJwt(session);
const sessionIat = sessionData?.payload.iat || 0;
const { data: suffixedSessionData } = decodeJwt(suffixedSession);
const suffixedSessionIat = suffixedSessionData?.payload.iat || 0;
if (suffixedClientUat !== "0" && clientUat !== "0" && sessionIat > suffixedSessionIat) {
return false;
}
if (suffixedClientUat === "0" && clientUat !== "0") {
return false;
}
if (this.instanceType !== "production") {
const isSuffixedSessionExpired = this.sessionExpired(suffixedSessionData);
if (suffixedClientUat !== "0" && clientUat === "0" && isSuffixedSessionExpired) {
return false;
}
}
if (!suffixedClientUat && suffixedSession) {
return false;
}
return true;
}
/**
* Determines if the request came from a different origin based on the referrer header.
* Used for cross-origin detection in multi-domain authentication flows.
*
* @returns {boolean} True if referrer exists and is from a different origin, false otherwise.
*/
isCrossOriginReferrer() {
if (!this.referrer || !this.clerkUrl.origin) {
return false;
}
try {
const referrerOrigin = new URL(this.referrer).origin;
return referrerOrigin !== this.clerkUrl.origin;
} catch {
return false;
}
}
/**
* Determines if the referrer URL is from a Clerk domain (accounts portal or FAPI).
* This includes both development and production account portal domains, as well as FAPI domains
* used for redirect-based authentication flows.
*
* @returns {boolean} True if the referrer is from a Clerk accounts portal or FAPI domain, false otherwise
*/
isKnownClerkReferrer() {
if (!this.referrer) {
return false;
}
try {
const referrerOrigin = new URL(this.referrer);
const referrerHost = referrerOrigin.hostname;
if (this.frontendApi) {
const fapiHost = this.frontendApi.startsWith("http") ? new URL(this.frontendApi).hostname : this.frontendApi;
if (referrerHost === fapiHost) {
return true;
}
}
if (isLegacyDevAccountPortalOrigin(referrerHost) || isCurrentDevAccountPortalOrigin(referrerHost)) {
return true;
}
const expectedAccountsUrl = buildAccountsBaseUrl2(this.frontendApi);
if (expectedAccountsUrl) {
const expectedAccountsOrigin = new URL(expectedAccountsUrl).origin;
if (referrerOrigin.origin === expectedAccountsOrigin) {
return true;
}
}
if (referrerHost.startsWith("accounts.")) {
return true;
}
return false;
} catch {
return false;
}
}
initPublishableKeyValues(options) {
assertValidPublishableKey(options.publishableKey);
this.publishableKey = options.publishableKey;
const originalPk = parsePublishableKey(this.publishableKey, {
fatal: true,
domain: options.domain,
isSatellite: options.isSatellite
});
this.originalFrontendApi = originalPk.frontendApi;
const pk = parsePublishableKey(this.publishableKey, {
fatal: true,
proxyUrl: options.proxyUrl,
domain: options.domain,
isSatellite: options.isSatellite
});
this.instanceType = pk.instanceType;
this.frontendApi = pk.frontendApi;
}
initHeaderValues() {
this.tokenInHeader = this.parseAuthorizationHeader(this.getHeader(constants.Headers.Authorization));
this.origin = this.getHeader(constants.Headers.Origin);
this.host = this.getHeader(constants.Headers.Host);
this.forwardedHost = this.getHeader(constants.Headers.ForwardedHost);
this.forwardedProto = this.getHeader(constants.Headers.CloudFrontForwardedProto) || this.getHeader(constants.Headers.ForwardedProto);
this.referrer = this.getHeader(constants.Headers.Referrer);
this.userAgent = this.getHeader(constants.Headers.UserAgent);
this.secFetchDest = this.getHeader(constants.Headers.SecFetchDest);
this.accept = this.getHeader(constants.Headers.Accept);
}
initCookieValues() {
this.sessionTokenInCookie = this.getSuffixedOrUnSuffixedCookie(constants.Cookies.Session);
this.refreshTokenInCookie = this.getSuffixedCookie(constants.Cookies.Refresh);
this.clientUat = Number.parseInt(this.getSuffixedOrUnSuffixedCookie(constants.Cookies.ClientUat) || "") || 0;
}
initHandshakeValues() {
this.devBrowserToken = this.getQueryParam(constants.QueryParameters.DevBrowser) || this.getSuffixedOrUnSuffixedCookie(constants.Cookies.DevBrowser);
this.handshakeToken = this.getQueryParam(constants.QueryParameters.Handshake) || this.getCookie(constants.Cookies.Handshake);
this.handshakeRedirectLoopCounter = Number(this.getCookie(constants.Cookies.RedirectCount)) || 0;
this.handshakeNonce = this.getQueryParam(constants.QueryParameters.HandshakeNonce) || this.getCookie(constants.Cookies.HandshakeNonce);
}
getQueryParam(name) {
return this.clerkRequest.clerkUrl.searchParams.get(name);
}
getHeader(name) {
return this.clerkRequest.headers.get(name) || void 0;
}
getCookie(name) {
return this.clerkRequest.cookies.get(name) || void 0;
}
getSuffixedCookie(name) {
return this.getCookie(getSuffixedCookieName(name, this.cookieSuffix)) || void 0;
}
getSuffixedOrUnSuffixedCookie(cookieName) {
if (this.usesSuffixedCookies()) {
return this.getSuffixedCookie(cookieName);
}
return this.getCookie(cookieName);
}
parseAuthorizationHeader(authorizationHeader) {
if (!authorizationHeader) {
return void 0;
}
const [scheme, token] = authorizationHeader.split(" ", 2);
if (!token) {
return scheme;
}
if (scheme === "Bearer") {
return token;
}
return void 0;
}
tokenHasIssuer(token) {
const { data, errors } = decodeJwt(token);
if (errors) {
return false;
}
return !!data.payload.iss;
}
tokenBelongsToInstance(token) {
if (!token) {
return false;
}
const { data, errors } = decodeJwt(token);
if (errors) {
return false;
}
const tokenIssuer = data.payload.iss.replace(/https?:\/\//gi, "");
return this.originalFrontendApi === tokenIssuer;
}
sessionExpired(jwt) {
return !!jwt && jwt?.payload.exp <= Date.now() / 1e3 >> 0;
}
};
var createAuthenticateContext = async (clerkRequest, options) => {
const cookieSuffix = options.publishableKey ? await getCookieSuffix(options.publishableKey, runtime.crypto.subtle) : "";
return new AuthenticateContext(cookieSuffix, clerkRequest, options);
};
// src/tokens/authObjects.ts
import { createCheckAuthorization } from "@clerk/shared/authorization";
import { __experimental_JWTPayloadToAuthObjectProperties } from "@clerk/shared/jwtPayloadParser";
// src/util/path.ts
var SEPARATOR = "/";
var MULTIPLE_SEPARATOR_REGEX = new RegExp("(?<!:)" + SEPARATOR + "{1,}", "g");
function joinPaths(...args) {
return args.filter((p) => p).join(SEPARATOR).replace(MULTIPLE_SEPARATOR_REGEX, SEPARATOR);
}
// src/api/endpoints/AbstractApi.ts
var AbstractAPI = class {
constructor(request) {
this.request = request;
}
requireId(id) {
if (!id) {
throw new Error("A valid resource ID is required.");
}
}
};
// src/api/endpoints/ActorTokenApi.ts
var basePath = "/actor_tokens";
var ActorTokenAPI = class extends AbstractAPI {
async create(params) {
return this.request({
method: "POST",
path: basePath,
bodyParams: params
});
}
async revoke(actorTokenId) {
this.requireId(actorTokenId);
return this.request({
method: "POST",
path: joinPaths(basePath, actorTokenId, "revoke")
});
}
};
// src/api/endpoints/AccountlessApplicationsAPI.ts
var basePath2 = "/accountless_applications";
var AccountlessApplicationAPI = class extends AbstractAPI {
async createAccountlessApplication(params) {
const headerParams = params?.requestHeaders ? Object.fromEntries(params.requestHeaders.entries()) : void 0;
return this.request({
method: "POST",
path: basePath2,
headerParams
});
}
async completeAccountlessApplicationOnboarding(params) {
const headerParams = params?.requestHeaders ? Object.fromEntries(params.requestHeaders.entries()) : void 0;
return this.request({
method: "POST",
path: joinPaths(basePath2, "complete"),
headerParams
});
}
};
// src/api/endpoints/AllowlistIdentifierApi.ts
var basePath3 = "/allowlist_identifiers";
var AllowlistIdentifierAPI = class extends AbstractAPI {
async getAllowlistIdentifierList(params = {}) {
return this.request({
method: "GET",
path: basePath3,
queryParams: { ...params, paginated: true }
});
}
async createAllowlistIdentifier(params) {
return this.request({
method: "POST",
path: basePath3,
bodyParams: params
});
}
async deleteAllowlistIdentifier(allowlistIdentifierId) {
this.requireId(allowlistIdentifierId);
return this.request({
method: "DELETE",
path: joinPaths(basePath3, allowlistIdentifierId)
});
}
};
// src/api/endpoints/APIKeysApi.ts
var basePath4 = "/api_keys";
var APIKeysAPI = class extends AbstractAPI {
async list(queryParams) {
return this.request({
method: "GET",
path: basePath4,
queryParams
});
}
async create(params) {
return this.request({
method: "POST",
path: basePath4,
bodyParams: params
});
}
async get(apiKeyId) {
this.requireId(apiKeyId);
return this.request({
method: "GET",
path: joinPaths(basePath4, apiKeyId)
});
}
async update(params) {
const { apiKeyId, ...bodyParams } = params;
this.requireId(apiKeyId);
return this.request({
method: "PATCH",
path: joinPaths(basePath4, apiKeyId),
bodyParams
});
}
async delete(apiKeyId) {
this.requireId(apiKeyId);
return this.request({
method: "DELETE",
path: joinPaths(basePath4, apiKeyId)
});
}
async revoke(params) {
const { apiKeyId, revocationReason = null } = params;
this.requireId(apiKeyId);
return this.request({
method: "POST",
path: joinPaths(basePath4, apiKeyId, "revoke"),
bodyParams: { revocationReason }
});
}
async getSecret(apiKeyId) {
this.requireId(apiKeyId);
return this.request({
method: "GET",
path: joinPaths(basePath4, apiKeyId, "secret")
});
}
async verify(secret) {
return this.request({
method: "POST",
path: joinPaths(basePath4, "verify"),
bodyParams: { secret }
});
}
/**
* @deprecated Use `verify()` instead. This method will be removed in the next major release.
*/
async verifySecret(secret) {
deprecated("apiKeys.verifySecret()", "Use `apiKeys.verify()` instead.");
return this.verify(secret);
}
};
// src/api/endpoints/BetaFeaturesApi.ts
var basePath5 = "/beta_features";
var BetaFeaturesAPI = class extends AbstractAPI {
/**
* Change the domain of a production instance.
*
* Changing the domain requires updating the DNS records accordingly, deploying new SSL certificates,
* updating your Social Connection's redirect URLs and setting the new keys in your code.
*
* @remarks
* WARNING: Changing your domain will invalidate all current user sessions (i.e. users will be logged out).
* Also, while your application is being deployed, a small downtime is expected to occur.
*/
async changeDomain(params) {
return this.request({
method: "POST",
path: joinPaths(basePath5, "change_domain"),
bodyParams: params
});
}
};
// src/api/endpoints/BlocklistIdentifierApi.ts
var basePath6 = "/blocklist_identifiers";
var BlocklistIdentifierAPI = class extends AbstractAPI {
async getBlocklistIdentifierList(params = {}) {
return this.request({
method: "GET",
path: basePath6,
queryParams: params
});
}
async createBlocklistIdentifier(params) {
return this.request({
method: "POST",
path: basePath6,
bodyParams: params
});
}
async deleteBlocklistIdentifier(blocklistIdentifierId) {
this.requireId(blocklistIdentifierId);
return this.request({
method: "DELETE",
path: joinPaths(basePath6, blocklistIdentifierId)
});
}
};
// src/api/endpoints/ClientApi.ts
var basePath7 = "/clients";
var ClientAPI = class extends AbstractAPI {
async getClientList(params = {}) {
return this.request({
method: "GET",
path: basePath7,
queryParams: { ...params, paginated: true }
});
}
async getClient(clientId) {
this.requireId(clientId);
return this.request({
method: "GET",
path: joinPaths(basePath7, clientId)
});
}
verifyClient(token) {
return this.request({
method: "POST",
path: joinPaths(basePath7, "verify"),
bodyParams: { token }
});
}
async getHandshakePayload(queryParams) {
return this.request({
method: "GET",
path: joinPaths(basePath7, "handshake_payload"),
queryParams
});
}
};
// src/api/endpoints/DomainApi.ts
var basePath8 = "/domains";
var DomainAPI = class extends AbstractAPI {
async list() {
return this.request({
method: "GET",
path: basePath8
});
}
async add(params) {
return this.request({
method: "POST",
path: basePath8,
bodyParams: params
});
}
async update(params) {
const { domainId, ...bodyParams } = params;
this.requireId(domainId);
return this.request({
method: "PATCH",
path: joinPaths(basePath8, domainId),
bodyParams
});
}
/**
* Deletes a satellite domain for the instance.
* It is currently not possible to delete the instance's primary domain.
*/
async delete(satelliteDomainId) {
return this.deleteDomain(satelliteDomainId);
}
/**
* @deprecated Use `delete` instead
*/
async deleteDomain(satelliteDomainId) {
this.requireId(satelliteDomainId);
return this.request({
method: "DELETE",
path: joinPaths(basePath8, satelliteDomainId)
});
}
};
// src/api/endpoints/EmailAddressApi.ts
var basePath9 = "/email_addresses";
var EmailAddressAPI = class extends AbstractAPI {
async getEmailAddress(emailAddressId) {
this.requireId(emailAddressId);
return this.request({
method: "GET",
path: joinPaths(basePath9, emailAddressId)
});
}
async createEmailAddress(params) {
return this.request({
method: "POST",
path: basePath9,
bodyParams: params
});
}
async updateEmailAddress(emailAddressId, params = {}) {
this.requireId(emailAddressId);
return this.request({
method: "PATCH",
path: joinPaths(basePath9, emailAddressId),
bodyParams: params
});
}
async deleteEmailAddress(emailAddressId) {
this.requireId(emailAddressId);
return this.request({
method: "DELETE",
path: joinPaths(basePath9, emailAddressId)
});
}
};
// src/api/endpoints/IdPOAuthAccessTokenApi.ts
var basePath10 = "/oauth_applications/access_tokens";
var IdPOAuthAccessTokenApi = class extends AbstractAPI {
async verify(accessToken) {
return this.request({
method: "POST",
path: joinPaths(basePath10, "verify"),
bodyParams: { access_token: accessToken }
});
}
/**
* @deprecated Use `verify()` instead. This method will be removed in the next major release.
*/
async verifyAccessToken(accessToken) {
deprecated("idPOAuthAccessToken.verifyAccessToken()", "Use `idPOAuthAccessToken.verify()` instead.");
return this.verify(accessToken);
}
};
// src/api/endpoints/InstanceApi.ts
var basePath11 = "/instance";
var InstanceAPI = class extends AbstractAPI {
async get() {
return this.request({
method: "GET",
path: basePath11
});
}
async update(params) {
return this.request({
method: "PATCH",
path: basePath11,
bodyParams: params
});
}
async updateRestrictions(params) {
return this.request({
method: "PATCH",
path: joinPaths(basePath11, "restrictions"),
bodyParams: params
});
}
async updateOrganizationSettings(params) {
return this.request({
method: "PATCH",
path: joinPaths(basePath11, "organization_settings"),
bodyParams: params
});
}
};
// src/api/endpoints/InvitationApi.ts
var basePath12 = "/invitations";
var InvitationAPI = class extends AbstractAPI {
async getInvitationList(params = {}) {
return this.request({
method: "GET",
path: basePath12,
queryParams: { ...params, paginated: true }
});
}
async createInvitation(params) {
return this.request({
method: "POST",
path: basePath12,
bodyParams: params
});
}
async createInvitationBulk(params) {
return this.request({
method: "POST",
path: joinPaths(basePath12, "bulk"),
bodyParams: params
});
}
async revokeInvitation(invitationId) {
this.requireId(invitationId);
return this.request({
method: "POST",
path: joinPaths(basePath12, invitationId, "revoke")
});
}
};
// src/api/endpoints/MachineApi.ts
var basePath13 = "/machines";
var MachineApi = class extends AbstractAPI {
async get(machineId) {
this.requireId(machineId);
return this.request({
method: "GET",
path: joinPaths(basePath13, machineId)
});
}
async list(queryParams = {}) {
return this.request({
method: "GET",
path: basePath13,
queryParams
});
}
async create(bodyParams) {
return this.request({
method: "POST",
path: basePath13,
bodyParams
});
}
async update(params) {
const { machineId, ...bodyParams } = params;
this.requireId(machineId);
return this.request({
method: "PATCH",
path: joinPaths(basePath13, machineId),
bodyParams
});
}
async delete(machineId) {
this.requireId(machineId);
return this.request({
method: "DELETE",
path: joinPaths(basePath13, machineId)
});
}
async getSecretKey(machineId) {
this.requireId(machineId);
return this.request({
method: "GET",
path: joinPaths(basePath13, machineId, "secret_key")
});
}
async rotateSecretKey(params) {
const { machineId, previousTokenTtl } = params;
this.requireId(machineId);
return this.request({
method: "POST",
path: joinPaths(basePath13, machineId, "secret_key", "rotate"),
bodyParams: {
previousTokenTtl
}
});
}
/**
* Creates a new machine scope, allowing the specified machine to access another machine.
*
* @param machineId - The ID of the machine that will have access to another machine.
* @param toMachineId - The ID of the machine that will be scoped to the current machine.
*/
async createScope(machineId, toMachineId) {
this.requireId(machineId);
return this.request({
method: "POST",
path: joinPaths(basePath13, machineId, "scopes"),
bodyParams: {
toMachineId
}
});
}
/**
* Deletes a machine scope, removing access from one machine to another.
*
* @param machineId - The ID of the machine that has access to another machine.
* @param otherMachineId - The ID of the machine that is being accessed.
*/
async deleteScope(machineId, otherMachineId) {
this.requireId(machineId);
return this.request({
method: "DELETE",
path: joinPaths(basePath13, machineId, "scopes", otherMachineId)
});
}
};
// src/api/endpoints/M2MTokenApi.ts
var basePath14 = "/m2m_tokens";
var _M2MTokenApi_instances, createRequestOptions_fn;
var M2MTokenApi = class extends AbstractAPI {
constructor() {
super(...arguments);
__privateAdd(this, _M2MTokenApi_instances);
}
async createToken(params) {
const { claims = null, machineSecretKey, secondsUntilExpiration = null } = params || {};
const requestOptions = __privateMethod(this, _M2MTokenApi_instances, createRequestOptions_fn).call(this, {
method: "POST",
path: basePath14,
bodyParams: {
secondsUntilExpiration,
claims
}
}, machineSecretKey);
return this.request(requestOptions);
}
async revokeToken(params) {
const { m2mTokenId, revocationReason = null, machineSecretKey } = params;
this.requireId(m2mTokenId);
const requestOptions = __privateMethod(this, _M2MTokenApi_instances, createRequestOptions_fn).call(this, {
method: "POST",
path: joinPaths(basePath14, m2mTokenId, "revoke"),
bodyParams: {
revocationReason
}
}, machineSecretKey);
return this.request(requestOptions);
}
async verify(params) {
const { token, machineSecretKey } = params;
const requestOptions = __privateMethod(this, _M2MTokenApi_instances, createRequestOptions_fn).call(this, {
method: "POST",
path: joinPaths(basePath14, "verify"),
bodyParams: { token }
}, machineSecretKey);
return this.request(requestOptions);
}
/**
* @deprecated Use `verify()` instead. This method will be removed in the next major release.
*/
async verifyToken(params) {
deprecated("m2m.verifyToken()", "Use `m2m.verify()` instead.");
return this.verify(params);
}
};
_M2MTokenApi_instances = new WeakSet();
createRequestOptions_fn = function(options, machineSecretKey) {
if (machineSecretKey) {
return {
...options,
headerParams: {
...options.headerParams,
Authorization: `Bearer ${machineSecretKey}`
}
};
}
return options;
};
// src/api/endpoints/JwksApi.ts
var basePath15 = "/jwks";
var JwksAPI = class extends AbstractAPI {
async getJwks() {
return this.request({
method: "GET",
path: basePath15
});
}
};
// src/api/endpoints/JwtTemplatesApi.ts
var basePath16 = "/jwt_templates";
var JwtTemplatesApi = class extends AbstractAPI {
async list(params = {}) {
return this.request({
method: "GET",
path: basePath16,
queryParams: { ...params, paginated: true }
});
}
async get(templateId) {
this.requireId(templateId);
return this.request({
method: "GET",
path: joinPaths(basePath16, templateId)
});
}
async create(params) {
return this.request({
method: "POST",
path: basePath16,
bodyParams: params
});
}
async update(params) {
const { templateId, ...bodyParams } = params;
this.requireId(templateId);
return this.request({
method: "PATCH",
path: joinPaths(basePath16, templateId),
bodyParams
});
}
async delete(templateId) {
this.requireId(templateId);
return this.request({
method: "DELETE",
path: joinPaths(basePath16, templateId)
});
}
};
// src/api/endpoints/OrganizationApi.ts
var basePath17 = "/organizations";
var OrganizationAPI = class extends AbstractAPI {
async getOrganizationList(params) {
return this.request({
method: "GET",
path: basePath17,
queryParams: params
});
}
async createOrganization(params) {
return this.request({
method: "POST",
path: basePath17,
bodyParams: params
});
}
async getOrganization(params) {
const { includeMembersCount } = params;
const organizationIdOrSlug = "organizationId" in params ? params.organizationId : params.slug;
this.requireId(organizationIdOrSlug);
return this.request({
method: "GET",
path: joinPaths(basePath17, organizationIdOrSlug),
queryParams: {
includeMembersCount
}
});
}
async updateOrganization(organizationId, params) {
this.requireId(organizationId);
return this.request({
method: "PATCH",
path: joinPaths(basePath17, organizationId),
bodyParams: params
});
}
async updateOrganizationLogo(organizationId, params) {
this.requireId(organizationId);
const formData = new runtime.FormData();
formData.append("file", params?.file);
if (params?.uploaderUserId) {
formData.append("uploader_user_id", params?.uploaderUserId);
}
return this.request({
method: "PUT",
path: joinPaths(basePath17, organizationId, "logo"),
formData
});
}
async deleteOrganizationLogo(organizationId) {
this.requireId(organizationId);
return this.request({
method: "DELETE",
path: joinPaths(basePath17, organizationId, "logo")
});
}
async updateOrganizationMetadata(organizationId, params) {
this.requireId(organizationId);
return this.request({
method: "PATCH",
path: joinPaths(basePath17, organizationId, "metadata"),
bodyParams: params
});
}
async deleteOrganization(organizationId) {
return this.request({
method: "DELETE",
path: joinPaths(basePath17, organizationId)
});
}
async getOrganizationMembershipList(params) {
const { organizationId, ...queryParams } = params;
this.requireId(organizationId);
return this.request({
method: "GET",
path: joinPaths(basePath17, organizationId, "memberships"),
queryParams
});
}
async getInstanceOrganizationMembershipList(params) {
return this.request({
method: "GET",
path: "/organization_memberships",
queryParams: params
});
}
async createOrganizationMembership(params) {
const { organizationId, ...bodyParams } = params;
this.requireId(organizationId);
return this.request({
method: "POST",
path: joinPaths(basePath17, organizationId, "memberships"),
bodyParams
});
}
async updateOrganizationMembership(params) {
const { organizationId, userId, ...bodyParams } = params;
this.requireId(organizationId);
return this.request({
method: "PATCH",
path: joinPaths(basePath17, organizationId, "memberships", userId),
bodyParams
});
}
async updateOrganizationMembershipMetadata(params) {
const { organizationId, userId, ...bodyParams } = params;
return this.request({
method: "PATCH",
path: joinPaths(basePath17, organizationId, "memberships", userId, "metadata"),
bodyParams
});
}
async deleteOrganizationMembership(params) {
const { organizationId, userId } = params;
this.requireId(organizationId);
return this.request({
method: "DELETE",
path: joinPaths(basePath17, organizationId, "memberships", userId)
});
}
async getOrganizationInvitationList(params) {
const { organizationId, ...queryParams } = params;
this.requireId(organizationId);
return this.request({
method: "GET",
path: joinPaths(basePath17, organizationId, "invitations"),
queryParams
});
}
async createOrganizationInvitation(params) {
const { organizationId, ...bodyParams } = params;
this.requireId(organizationId);
return this.request({
method: "POST",
path: joinPaths(basePath17, organizationId, "invitations"),
bodyParams
});
}
async createOrganizationInvitationBulk(organizationId, params) {
this.requireId(organizationId);
return this.request({
method: "POST",
path: joinPaths(basePath17, organizationId, "invitations", "bulk"),
bodyParams: params
});
}
async getOrganizationInvitation(params) {
const { organizationId, invitationId } = params;
this.requireId(organizationId);
this.requireId(invitationId);
return this.request({
method: "GET",
path: joinPaths(basePath17, organizationId, "invitations", invitationId)
});
}
async revokeOrganizationInvitation(params) {
const { organizationId, invitationId, ...bodyParams } = params;
this.requireId(organizationId);
return this.request({
method: "POST",
path: joinPaths(basePath17, organizationId, "invitations", invitationId, "revoke"),
bodyParams
});
}
async getOrganizationDomainList(params) {
const { organizationId, ...queryParams } = params;
this.requireId(organizationId);
return this.request({
method: "GET",
path: joinPaths(basePath17, organizationId, "domains"),
queryParams
});
}
async createOrganizationDomain(params) {
const { organizationId, ...bodyParams } = params;
this.requireId(organizationId);
return this.request({
method: "POST",
path: joinPaths(basePath17, organizationId, "domains"),
bodyParams: {
...bodyParams,
verified: bodyParams.verified ?? true
}
});
}
async updateOrganizationDomain(params) {
const { organizationId, domainId, ...bodyParams } = params;
this.requireId(organizationId);
this.requireId(domainId);
return this.request({
method: "PATCH",
path: joinPaths(basePath17, organizationId, "domains", domainId),
bodyParams
});
}
async deleteOrganizationDomain(params) {
const { organizationId, domainId } = params;
this.requireId(organizationId);
this.requireId(domainId);
return this.request({
method: "DELETE",
path: joinPaths(basePath17, organizationId, "domains", domainId)
});
}
};
// src/api/endpoints/OAuthApplicationsApi.ts
var basePath18 = "/oauth_applications";
var OAuthApplicationsApi = class extends AbstractAPI {
async list(params = {}) {
return this.request({
method: "GET",
path: basePath18,
queryParams: params
});
}
async get(oauthApplicationId) {
this.requireId(oauthApplicationId);
return this.request({
method: "GET",
path: joinPaths(basePath18, oauthApplicationId)
});
}
async create(params) {
return this.request({
method: "POST",
path: basePath18,
bodyParams: params
});
}
async update(params) {
const { oauthApplicationId, ...bodyParams } = params;
this.requireId(oauthApplicationId);
return this.request({
method: "PATCH",
path: joinPaths(basePath18, oauthApplicationId),
bodyParams
});
}
async delete(oauthApplicationId) {
this.requireId(oauthApplicationId);
return this.request({
method: "DELETE",
path: joinPaths(basePath18, oauthApplicationId)
});
}
async rotateSecret(oauthApplicationId) {
this.requireId(oauthApplicationId);
return this.request({
method: "POST",
path: joinPaths(basePath18, oauthApplicationId, "rotate_secret")
});
}
};
// src/api/endpoints/PhoneNumberApi.ts
var basePath19 = "/phone_numbers";
var PhoneNumberAPI = class extends AbstractAPI {
async getPhoneNumber(phoneNumberId) {
this.requireId(phoneNumberId);
return this.request({
method: "GET",
path: joinPaths(basePath19, phoneNumberId)
});
}
async createPhoneNumber(params) {
return this.request({
method: "POST",
path: basePath19,
bodyParams: params
});
}
async updatePhoneNumber(phoneNumberId, params = {}) {
this.requireId(phoneNumberId);
return this.request({
method: "PATCH",
path: joinPaths(basePath19, phoneNumberId),
bodyParams: params
});
}
async deletePhoneNumber(phoneNumberId) {
this.requireId(phoneNumberId);
return this.request({
method: "DELETE",
path: joinPaths(basePath19, phoneNumberId)
});
}
};
// src/api/endpoints/ProxyCheckApi.ts
var basePath20 = "/proxy_checks";
var ProxyCheckAPI = class extends AbstractAPI {
async verify(params) {
return this.request({
method: "POST",
path: basePath20,
bodyParams: params
});
}
};
// src/api/endpoints/RedirectUrlApi.ts
var basePath21 = "/redirect_urls";
var RedirectUrlAPI = class extends AbstractAPI {
async getRedirectUrlList() {
return this.request({
method: "GET",
path: basePath21,
queryParams: { paginated: true }
});
}
async getRedirectUrl(redirectUrlId) {
this.requireId(redirectUrlId);
return this.request({
method: "GET",
path: joinPaths(basePath21, redirectUrlId)
});
}
async createRedirectUrl(params) {
return this.request({
method: "POST",
path: basePath21,
bodyParams: params
});
}
async deleteRedirectUrl(redirectUrlId) {
this.requireId(redirectUrlId);
return this.request({
method: "DELETE",
path: joinPaths(basePath21, redirectUrlId)
});
}
};
// src/api/endpoints/SamlConnectionApi.ts
var basePath22 = "/saml_connections";
var SamlConnectionAPI = class extends AbstractAPI {
async getSamlConnectionList(params = {}) {
return this.request({
method: "GET",
path: basePath22,
queryParams: params
});
}
async createSamlConnection(params) {
return this.request({
method: "POST",
path: basePath22,
bodyParams: params,
options: {
deepSnakecaseBodyParamKeys: true
}
});
}
async getSamlConnection(samlConnectionId) {
this.requireId(samlConnectionId);
return this.request({
method: "GET",
path: joinPaths(basePath22, samlConnectionId)
});
}
async updateSamlConnection(samlConnectionId, params = {}) {
this.requireId(samlConnectionId);
return this.request({
method: "PATCH",
path: joinPaths(basePath22, samlConnectionId),
bodyParams: params,
options: {
deepSnakecaseBodyParamKeys: true
}
});
}
async deleteSamlConnection(samlConnectionId) {
this.requireId(samlConnectionId);
return this.request({
method: "DELETE",
path: joinPaths(basePath22, samlConnectionId)
});
}
};
// src/api/endpoints/SessionApi.ts
var basePath23 = "/sessions";
var SessionAPI = class extends AbstractAPI {
async getSessionList(params = {}) {
return this.request({
method: "GET",
path: basePath23,
queryParams: { ...params, paginated: true }
});
}
async getSession(sessionId) {
this.requireId(sessionId);
return this.request({
method: "GET",
path: joinPaths(basePath23, sessionId)
});
}
async createSession(params) {
return this.request({
method: "POST",
path: basePath23,
bodyParams: params
});
}
async revokeSession(sessionId) {
this.requireId(sessionId);
return this.request({
method: "POST",
path: joinPaths(basePath23, sessionId, "revoke")
});
}
async verifySession(sessionId, token) {
this.requireId(sessionId);
return this.request({
method: "POST",
path: joinPaths(basePath23, sessionId, "verify"),
bodyParams: { token }
});
}
/**
* Retrieves a session token or generates a JWT using a specified template.
*
* @param sessionId - The ID of the session for which to generate the token
* @param template - Optional name of the JWT template configured in the Clerk Dashboard.
* @param expiresInSeconds - Optional expiration time for the token in seconds.
* If not provided, uses the default expiration.
*
* @returns A promise that resolves to the generated token
*
* @throws {Error} When sessionId is invalid or empty
*/
async getToken(sessionId, template, expiresInSeconds) {
this.requireId(sessionId);
const path = template ? joinPaths(basePath23, sessionId, "tokens", template) : joinPaths(basePath23, sessionId, "tokens");
const requestOptions = {
method: "POST",
path
};
if (expiresInSeconds !== void 0) {
requestOptions.bodyParams = { expires_in_seconds: expiresInSeconds };
}
return this.request(requestOptions);
}
async refreshSession(sessionId, params) {
this.requireId(sessionId);
const { suffixed_cookies, ...restParams } = params;
retu